r/Bitcoin: A community dedicated to Bitcoin, the currency of the Internet. Bitcoin is a distributed, worldwide, decentralized digital money. Bitcoins are issued and managed without any central authority whatsoever: there is no government, company, or bank in charge of Bitcoin. You might be interested in Bitcoin if you like cryptography, distributed peer-to-peer systems, or economics. A large percentage of Bitcoin enthusiasts are libertarians, though people of all political philosophies are welcome.

RT @lightcoin: .@SamouraiWallet has been forward and honest about the current state of their wallet. It's an alpha state product for bleeding edge testers to experiment with - and still arguably the most advanced mobile wallet on the market. Open source backend server coming soon! https://t.co/LSUnCFvspg

.@SamouraiWallet has been forward and honest about the current state of their wallet. It's an alpha state product for bleeding edge testers to experiment with - and still arguably the most advanced mobile wallet on the market. Open source backend server coming soon! https://t.co/LSUnCFvspg

Since, I [applied](https://bitcointalk.org/index.php?topic=279249.msg46988492#msg46988492) for the [CJ bounty](https://bitcointalk.org/index.php?topic=279249.msg2983911#msg2983911) nearly a month ago, I suspect it is, because he's actively reviewing it.

xpub key, that rings a bell. If someone knows the xpub "wallet public seed" and one single private key, they can calculate all following private keys from that too. The scenario would be:
\- "I am super paranoid: using a paperwallet, split up my coins into 100 addresses, using the most secure wallet"
\- "To check on my balance with importing a watch-only copy of my paperwallet"
\- "When I need funds, I only import one address of my stash to minimize risk"
\- "Oh, weird bug, now all my 100 addresses are shown as empty, huh.."

That scenario would have got this user nuked in any case. Entering a seed to spend online is as bad as entering a key into the same computer. You can use an HD wallet with better safety than a paper wallet but you need to do offline signing.
I'm sure you know that but for onlookers who are thinking of using an HD wallet as if paper - don't. You can use Electrum for offline signing but most other HD wallets don't support it and should not be used as if paper wallets.

I seem to remember running into a similar issue. I reinstalled the app and it worked. Maybe that doesn't help in your case, but as the problem came up after you reinstalled your operating system, my bet is that the problem is related to that. Can't you use your seed to restore your wallet with Electrum or some other app?

I read the post but not the comments, have now though. He does look to have tried those things. He's got some good help there, it will work out eventually, the coins are still there waiting for him to figure it out :). He's somehow not inputting the seed and passphrase correctly in tools and wallets (other than Samourai, there is some other problem there). It's not always easy to figure out. Good luck Purple!

It's on android so you don't have the blockchain present. That means they must send addresses to some server for checking which means it's certainly possible they log them. Plus they can link them with your ip address and potentially other info if they were brazen enough to send it to the server. eg.location, os or phone info.

electrum is rough around the edges, but not as nefarious or misleading as samouwai.
Samou does some shady stuff, such as centrally monitoring all your transactions. This just makes it flat untrustworthy.
Their fake security theatre stuff sounds good, but when you look under the hood, its all about appearance of security rather than any real improvements.
Best bet is to avoid it.

Can someone clarify? It seems like as far as "on-chain" privacy, samourai is developing interesting features that break blockchain analytics. The privacy concerns appear to be the steps before your transactions are even broadcasted, which would get you in trouble if ISP/government/hackers were snooping on you... right?

providing an app - even if it is open source - as an anonymous entity is a big red flag for me. them bragging about their privacy (which is poor as greg explains) and their edgy slogan look to me like they aim for gullible people and will pull the rug once the funds managed by the app stop increasing.

open source doesn't mean that anybody would verify that your app on your phone actually is what they share on github and even if it would, hiding wallet stealing features in plain sight is rather trivial if the project is more than 100 custom lines of code or uses some library that might be under control of the attacker, too.

The difference is in the source code. You dont trust the marketing; you read the code and make up your own mind. Bitcoin source is clean. Samo source is full of fake security features, and monitoring tools. You can view it for yourself, or else find someone your trust to vet it for you.

The only rule? Don't trust, verify didn't exist until newbs needed a concept they could wrap their heads around. Crypto is about leveraging trust, and never having to trust someone more than you feel comfortable. Verification is automatic. It doesn't matter.

Once they started advertising this: https://samouraiwallet.com/features/ricochet
it became clear they are either monumentally incompetent or are trolling us.
> Each hop transaction contains one input and one output
Fucking what? How does that improve privacy if it's 100% clear what is going on?

My understanding is that this feature isn't supposed to improve privacy. It's simply a method of making chain analysis more expensive, so that if you have some tainted coin, you can still send it to regulated entities if they only check back 5 hops. In theory, this should improve fungibility.

What this really is is a method of getting paid. They're charging \~$6 for this "service" that you could just do yourself if you think such obvious "hops" make analysis any harder (protip: you really need to use a mixer to get "fungibility")

> It's simply a method of making chain analysis more expensive
It doesn't make chain analysis more expensive.
> you can still send it to regulated entities if they only check back 5 hops
It will take them whole 15 minutes to ignore trivial hops.